SSH Tunnel In The Sky
Sunday, February 27th, 2011

Let's imagine that you have a server that is directly unreachable from your ssh client. Let's also imagine that you have some users who wish to contact this server, but you cannot give them a shell account on an intermediate machine that can reach, and be reached by, both ends.
i.e.:
Client 192.168.0.1
Tunnel 192.168.0.254 and 10.0.0.254
Server 10.0.0.1
On Tunnel
Generate the tunnel SSH key pair
# ssh-keygen -t dsa -b 1024 -C "Tunnel Key" -f /root/.ssh/tunnel.id_dsa
Add this to /etc/inittab
tun1:2345:respawn:/usr/bin/ssh -n -N -T -i /root/.ssh/tunnel.id_dsa -L 192.168.0.254:2222:127.0.0.1:22 tunnel@10.0.0.1
Tell init to reload
# telinit q
If you check 'ps -ef' you will see an ssh session running from init.
On Server
# useradd -s /bin/false tunnel
# mkdir ~tunnel/.ssh
# vi ~tunnel/.ssh/authorized_keys
(paste the contents of tunnel.id_dsa.pub from Tunnel:/root/.ssh/ here)
# chown tunnel:tunnel ~tunnel/.ssh ~tunnel/.ssh/authorized_keys
# chmod 700 ~tunnel/.ssh ~tunnel/.ssh/authorized_keys
On Client
ssh -p 2222 192.168.0.254
Season to taste.
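One way to season it, as an added example that is not part of the original post: a small POSIX shell script that emits a hardened authorized_keys entry for the tunnel key, an inittab line with the options that make init's respawn actually useful, and a check that the forwarded port is listening on Tunnel. The addresses and paths are the post's; the OpenSSH option choices, the awk check and the sample ss output are assumptions constructed here.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the two pieces of the
# setup with the hardening a defender wants: a key that can do nothing but this
# one forward, and an ssh command that dies (so init respawns it) instead of
# hanging. Addresses and paths are the post's; the option choices are ours.

# Server side: authorized_keys line for tunnel.id_dsa.pub. "restrict" (OpenSSH
# 7.2+) disables pty, shell commands, agent and X11 forwarding; port-forwarding
# re-enables forwarding and permitopen limits it to sshd on the server itself.
# $1 = the public key line
hardened_authorized_keys_line() {
    printf 'restrict,port-forwarding,permitopen="127.0.0.1:22" %s\n' "$1"
}

# Tunnel side: the inittab entry. BatchMode never prompts, the ServerAlive
# options drop a hung session, ExitOnForwardFailure exits when the local bind
# fails, so every failure mode ends the process and init's respawn restarts it.
# $1 = identity file  $2 = listen addr:port  $3 = target host:port  $4 = user@server
tunnel_inittab_entry() {
    printf 'tun1:2345:respawn:/usr/bin/ssh -n -N -T -o BatchMode=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -i %s -L %s:%s %s\n' \
        "$1" "$2" "$3" "$4"
}

# Health check for Tunnel: is the forwarded port actually listening?
# $1 = addr:port; stdin = output of `ss -ltn` (or `netstat -ltn`). Exit 0/1.
tunnel_listening() {
    awk -v want="$1" '/LISTEN/ { for (i = 1; i <= NF; i++) if ($i == want) found = 1 }
                      END { exit !found }'
}

# Constructed sample of `ss -ltn` on Tunnel once the forward is up.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    192.168.0.254:2222  0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*'

# Running the script directly prints both lines for the post's addresses
# (the key below is a placeholder, not a real key).
hardened_authorized_keys_line 'ssh-dss AAAA...PLACEHOLDER Tunnel Key'
tunnel_inittab_entry /root/.ssh/tunnel.id_dsa 192.168.0.254:2222 127.0.0.1:22 tunnel@10.0.0.1
printf '%s\n' "$SAMPLE_SS" | tunnel_listening 192.168.0.254:2222 && echo 'forward is up'
```

On a live Tunnel box, `ss -ltn | tunnel_listening 192.168.0.254:2222` from cron gives you an alert when init has given up respawning.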